MCS/Gateway failing to create NEG in the fleet-host project on serviceImport

Hello,
There are some articles related to my problem, but they didn’t help me find a solution. I would need some help to find a way to get MC Gateway working in my context.

Context: Private GKE Autopilot clusters in peered VPC and different projects.
I am following the different documentation pages to enable MC Gateway and all is working except one thing. The NEG is not created in the Fleet Host Project for my imported service that is configured as the backend of my Gateway/HTTPRoute… which makes the solution useless :frowning:

I am creating a service on cluster_1 (with an annotation for NEG like '{"ingress":true}' → not pasting the right annotation because it's considered a link and I already have 2 links in my post :frowning:).
I am creating a serviceExport on cluster_1, which triggers:

  • serviceImport on cluster_1 (fleet member)
  • k8s endpoint creation on cluster_1
  • NEG entries on cluster_1
  • serviceImport on cluster_2 (fleet host)
  • service on cluster_2
  • k8s endpoint creation on cluster_2
  • But NO NEG entries on cluster_2 are created!!

If I search for logs in cluster_1, I can see the entry: "type.googleapis.com/compute.networkEndpointGroups.insert"
When I look at the logs in cluster_2, I cannot see such an entry, nor do I see an error.

I am searching the mc-gateway-controller and mc-gke-importer logs; nothing shows an error or warning.

Yet my Gateway is raising an error that the HTTPRoute backend cannot be found in the NEG of my cluster_2 (fleet host)…

One thing is that everything else is working as designed, since I am able to access my service (on cluster_1) from cluster_2 using the exposed: http://helloweb.keycloak.svc.clusterset.local:8080.
The problem is actually the routing via NEG.

I hope someone can help me there.
Thank you
PS: I searched for any logs that could be highlighting permission denied and found nothing.